Method and system for secure distribution and utilization of data over a network

ABSTRACT

A method and system for the secure distribution and utilization of data over a network. A server computer may issue a certificate and a private key to a client for identifying the client in a transaction. The certificate and the private key may be stored in a token used by the client during a transaction. The server may verify a digital signature using the certificate stored in the token before distributing data to the client. The server may also generate a message associated with the data being downloaded to the client and associated with the token used by the client during a transaction.

BACKGROUND

[0001] 1. Field of the Invention

[0002] The present invention relates to the field of data distribution and, in particular, to the secure distribution and utilization of data, such as, for example, confidential or proprietary documents or audio, video, multimedia or other entertainment content, over a network.

[0003] 2. Description of Related Art

[0004] The ease with which data may be copied and distributed over public and private networks has been a major impediment to the widespread use of networks as a medium for the sale and distribution of data. In particular, the inability to prevent the illegal copying and/or distribution of copyrighted material or the pilfering of proprietary documents has thwarted the commercial use of networks as a viable sales and distribution channel.

[0005] In the area of entertainment content, copyright violations have been particularly egregious. The illegal copying and distribution of copyrighted material has gone virtually unchecked, with little recourse to the copyright owners. The recent decision of a federal court to issue an injunction shutting down the song-swapping web site NAPSTER is further indication that, up to the present time, little has been done to prevent illegal copying and distributing over public networks except to prevent use of the network for transmission of copyrighted material altogether. Thus, content owners are still not able to tap the massive markets that exist for online sale and distribution of audio, video, multimedia and other entertainment content.

[0006] In addition, the exchange of confidential or proprietary data over public networks such as the Internet, although being tremendously convenient and offering tremendous savings in time and money, has still not been fully embraced by businesses and other networking communities due to concerns over privacy and confidentiality. The ever-present threat of pilfering of such data has prompted many businesses and organizations to recommend that such data be exchanged by means other than an electronic network.

[0007] The security, privacy and confidentiality issues associated with data or content distribution over a network have been addressed by several techniques, all with limited success. For example, one of the first techniques to address the distribution of data and content over public networks involved encryption/decryption. In an effort to prevent unauthorized access to data being sent over a network, data may be encrypted in such a manner that it can be decrypted only by the recipient. While this technique may be effective to prevent hacking during transmission of the data, encryption/decryption techniques do nothing to prevent illegal copying and redistribution of the data once the data has been decrypted by the recipient.

[0008] Other techniques have sought to prevent illegal copying and distribution of data over networks by identifying the owner of the data within the data itself. For example, certain identifying data, commonly known as a “digital watermark” and deriving its name from a traditional watermark seen on checks and other documents, may be added to data so that the owner, creator, distributor or other interested party may be identified within the data. In addition, a digital watermark may communicate copyright information, such as the owner of the copyright to the data, when the data was first copyrighted, whom the recipient may contact in order to inquire about licensing rights, and the like.

[0009] Unfortunately, digital watermarking alone has been insufficient to prevent widespread illegal copying and distributing of copyrighted material. Many in the networking community simply ignore digital watermarks. Moreover, enforcement by copyright owners using digital watermarks alone is tremendously difficult. Even if an unscrupulous user of copyrighted material is aware of a digital watermark, the user can copy and redistribute the data hundreds and even thousands of times without knowledge by the copyright owner. There is little the copyright owner can do to prevent this.

[0010] One technique for monitoring the distribution of information that is accessible through a public network is disclosed in U.S. Pat. No. 5,889,860, Encryption System With Transaction Coded Decryption Key. According to the '860 patent, a client who has chosen to purchase online data, such as a song, enters payment information and is assigned a password that is specific to the client and the transaction. The password functions as a decryption key to enable use of the data by the client. Should the client improperly copy and redistribute the data and the decryption password, the copies can be traced back to the client based on client identifying information encoded in the password.

[0011] Although possibly effective for identifying clients who have copied and redistributed data, the technique of U.S. Pat. No. 5,889,860 offers no method of enforcement. Similar to the case of digital watermarking, many clients are unconcerned that information identifying them is passed along with the data to unauthorized third parties. As far as the copyright owner is concerned, it is tremendously difficult to determine that data is being copied and redistributed over a public network and, even if it were not difficult, the volume typically associated with the illegal copying and redistributing of popular data is so great that any practical attempts to enforce copyrights would currently be futile.

SUMMARY OF THE DISCLOSURE

[0012] Embodiments of the present invention relate to methods and systems for the secure distribution and utilization of data over a network. Methods according to embodiments of the present invention may include issuing a certificate and a private key to a client for identifying the client in a transaction. The certificate and private key may be stored in a token used by the client during the transaction. Before distributing data to the client, the client's identity may be verified using the certificate and a digital signature signed using the private key.

[0013] A message may be generated by a server and associated with the data being downloaded to the client and further associated with the token used by the client during the transaction. Once the client's identity has been verified and a message generated, data may be distributed to the client.

[0014] A client and a server may communicate over a secure network connection. Using the secure network connection, the server may issue the certificate and private key to the client. The secure network connection may use a secure socket layer protocol or other secure protocol. Prior to issuing a certificate and private key and storing them in the client's token, the server may ask the client to establish a password for the token. The server may also ask the client to establish a password for a client account.

[0015] The token may interface to the client's computer. The certificate and private key may be stored in the token by writing them to the token across the network. Alternatively, the certificate and private key may be stored in the token by writing them to the token at the server computer.

[0016] A client may request data to be distributed from a server. Prior to distributing the data, the server may request that the client send the server the client's certificate. The server may also request that the client send the server a digital signature. The server may also request a distinguishing number of the token. Once the server has verified the client's identity, the server may generate a message associated with the data and the token and distribute the data to the client over a network.

[0017] A system for distributing data over a network according to embodiments of the present invention may include a client computer for requesting data over a network, the client computer being interfaced to the network, a server computer for distributing requested data over a network, the server computer being interfaced to the network, and a token interfaced to the client computer. The server computer may store the certificate and private key in the token. Furthermore, the server computer may verify the identity of the client with the client's certificate in the token before distributing data to the client.

[0018] A system for distributing data over a network according to embodiments of the present invention may further include a firewall interfaced to the network and a cryptographic processor interfaced to the server computer and the firewall.

[0019] According to embodiments of the present invention, a third party computer system may interface to the network. The third party computer system may issue a certificate and a private key and store them in the token.

[0020] These and other objects, features, and advantages of embodiments of the invention will be apparent to those skilled in the art from the following detailed description of embodiments of the invention when read with the drawings and appended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

[0021] FIG. 1 is a general system for the secure distribution and utilization of data over a network according to an embodiment of the present invention.

[0022] FIG. 2 is a flowchart of a general method for the secure distribution of data over a network according to an embodiment of the present invention.

[0023] FIG. 3 is a flowchart of a method for issuing a certificate and private key and storing them in a token according to an embodiment of the present invention.

[0024] FIG. 4 is a flowchart of a method for verifying the client's identity with the client's certificate, generating a message, and distributing data according to an embodiment of the present invention.

[0025] FIG. 5A is a flowchart of a method for utilizing data that has been downloaded to a client according to an embodiment of the present invention.

[0026] FIG. 5B is a flowchart of a method for verifying a digital message according to an embodiment of the present invention.

[0027] FIG. 6 is an alternative system for the secure distribution of data over a network according to an embodiment of the present invention.

[0028] FIG. 7 is an alternative system for the secure distribution of data over a network according to an embodiment of the present invention.

DETAILED DESCRIPTION

[0029] In the following description of preferred embodiments, reference is made to the accompanying drawings which form a part hereof, and in which are shown by way of illustration specific embodiments in which the invention may be practiced. It is to be understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the preferred embodiments of the present invention.

[0030] Embodiments of the invention are directed toward a method and system for the secure distribution and utilization of data over a network. Embodiments of the present invention allow data, including, without limitation, data in the form of entertainment content such as audio and video, to be distributed over a network to consumers, companies or other individuals or entities while reducing the risk that such data is subsequently copied illegally or redistributed without authorization. Embodiments of the invention may be implemented by individuals or large organizations. For example, embodiments of the invention may be implemented by entertainment content owners desirous of distributing music, movies, games, videos and other multimedia over networks such as the Internet.

[0031] Embodiments of the present invention may be implemented in a variety of ways. FIG. 1 shows a general system configuration on which embodiments of the present invention may be implemented. A client computer or other computing device 10 has a connection to a network 14. The client computer or other computing device 10 may contain, without limitation, a processor or processors, memory and other components as are common in the industry.

[0032] The network 14 may be a public network, a private network, or a combination thereof. For example, in a typical workplace environment, a client computer 10 may be connected via an Ethernet connection to a local area network (LAN), which, in turn, is connected to a larger public network, such as the Internet. Alternatively, if the client computer 10 is a stand-alone PC in the client's home and the network 14 is the Internet, the client may connect to the network 14 through an Internet Service Provider (ISP) using a standard modem connection.

[0033] A server 16 also connects to the network 14 such that the client computer 10 and the server 16 may communicate with each other over the network 14. The server 16 may contain, without limitation, a processor or processors, memory and other components as are common in the industry.

[0034] Interfaced to the client computer or other computing device 10 is a token 12. The token may be a discrete piece of hardware that interfaces in some manner to the computer or other computing device 10. For example, the token 12 may be in the form of a smart card, a floppy disk, a CD-R, or a removable hard drive. Alternatively, the token may be an IKEY™ hardware token, made by RAINBOW TECHNOLOGIES, Irvine, Calif. In one embodiment of the invention, the information in the token is difficult for a general user to read. In addition, the token may be sealed within a security boundary, i.e., a physical boundary or border, outside of which it may be relatively easy to write information into the token but relatively difficult to read information from the token. Thus, the token may physically protect information, such as private keys, such that the information never exits the token. Cryptographic operations associated with protected keys may be performed within the token itself.

[0035] The token 12 may interface to the computer 10 in a variety of ways. For example, the token 12 may interface to the computer 10 via a cable. Alternatively, the token 12 may interface to the computer 10 via a wireless link, such as, for example, an RF, optical or infrared link. If, for example, the token 12 is an IKEY™ hardware token, the token 12 may plug into a Universal Serial Bus (USB) port on the computer 10.

[0036] The token 12 may come in a variety of sizes and form factors. For example, if the token 12 is an IKEY™ hardware token, the token 12 may be small enough and lightweight enough to be placed on a key ring or other type of key holder. The token may be kept and guarded by the client, much in the same way the client would keep and guard credit cards, house keys, car keys and other valuables.

[0037] FIG. 2 shows a generalized method for secure data distribution according to an embodiment of the present invention. At step 20, an individual, a company, a distributor or some other entity in control of data and intending to distribute the data in a secure manner issues a certificate and a private key to a client requesting the data. The certificate and private key are used to authenticate the client during a transaction in which the client requests data. The data may consist of confidential or proprietary documents or, alternatively, may be entertainment content, such as, for example, music, a movie, multimedia or some other type of audio or video content.

[0038] Once a certificate and private key have been issued to a client at step 20, they may be stored in a token used by the client at step 22. As stated previously, the token may be a discrete piece of hardware that interfaces in some manner to a computer or other computing device.

[0039] Once a certificate and private key identifying a client have been stored in the token at step 22, the client is then ready to download data. The client may download data during the session in which the client's certificate and private key were stored in the token or during another session at a later time. Whenever the client is ready to download data, the client's identity may be verified by a server operated by the individual, company, distributor, or other entity using the client's certificate before distributing data at step 24. For example, assume a client, at some time after receiving a certificate and private key, interfaces the token containing the certificate and private key to a computer and visits a music distribution company's web site. After perusing the music available for download, the client may request a download of a particular song in digital form. Prior to distributing the song to the client, the client's identity is authenticated with the client's certificate stored in the token, thereby ensuring that the downloading of data to the client is authorized.

[0040] Once the client's identity is verified with the certificate, at step 26 a message may be generated by the server which is associated with the data requested by the client and the token used by the client when making the request. As will be explained in greater detail below, the message, in conjunction with the token in which a certificate has been stored, may be used to prevent illegal copying, theft, and/or subsequent distribution of the data downloaded by the client.

[0041] After the message is generated at step 26, the encrypted data and the associated message are distributed to the client at step 28. The client is then free to use the data. For example, if a song in digital form has been distributed to the client, the client may listen to the song at any time, using an appropriate media player, by interfacing the token used during the session in which the distribution was made to the computer on which the song resides.

[0042] A certificate and private key may be issued in a variety of contexts. For example, a certificate and private key may be issued in the course of establishing an account between a content distributor and a consumer. Such would be the case, for example, if a consumer wanted to establish an account with a music distribution company. According to an embodiment of the present invention, the music distribution company would issue a certificate and a private key to the consumer and store them in a token used by the consumer. FIG. 3 shows a detailed method of issuing a certificate and private key and storing them in a token according to an embodiment of the present invention in the general context of a content distribution company.

[0043] At step 30, a content distribution company or other company provides a client, i.e., a consumer, with enough information necessary to establish an account between the company and the client. The information may include, but is not limited to, providing a client with a company name and a web site address.

[0044] The company may provide this information in a variety of ways. For example, such information may be made available through a retail store. If a client is interested, for example, in purchasing music, movies or the like over a network such as the Internet and visits a retail store where the company's music, movie or other distribution services are advertised, the client may obtain a package at the retail store containing company information and instructions that direct the user to the company's web site. The client may then go to a computer or other device to access the company's web site, log on to the web site and begin the process of establishing an account with the company.

[0045] Once the client has logged on to the company web site, a secure connection may be established between the company server and the client. The secure connection may be established in a variety of ways. For example, the widely-implemented Secure Socket Layer (SSL) protocol may be used in establishing a secure connection between the server and the client. Alternatively, other protocols may be used in establishing a secure connection between the server and the client. When establishing a secure connection between the server and the client using SSL, the client may send the server a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the server. In turn, the server may send the client a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the client.

[0046] Regardless of any protocol used for the connection between the client and the server, at step 32, the server sends the client its certificate and key exchange information. In turn, the client sends the server verification of the server's certificate and key exchange information at step 34. Subsequently, the server and the client may compute a session key for the session at step 36. After the session key has been computed, a secure connection between the server and the client will have been established.

[0047] Once the session key has been computed and a secure connection established, at step 38 the server may request and the client may send to the server a variety of information, such as, for example, a user name, a password for an account, a credit card number and any other information, such as, for example, addresses, telephone numbers and the like, which may be necessary for the client to establish an account with the company as determined by the company, all of which will have been encrypted with the session key. Once the server has obtained the requisite information from the client, the server may verify the client's credit card number and establish an account for the client at step 40.

[0048] During this time, terms of the account may also be established. For example, if the company distributes music over a network, the client may choose a variety of payment methods. The client may choose to have his credit card charged a monthly fee for a predetermined number of downloads. Alternatively, the client may choose to have his credit card charged per download. The client and the company may establish any payment method suitable to both parties.

[0049] Other terms of the account may also be established at this time. For example, in the case of a music distribution company, the duration for which a song may be enabled for listening may depend on the amount of money a client has paid for the song. A small fee charged to the client's credit card may enable the client to listen to the song for a predetermined period of time. A larger fee charged to the client's credit card may enable the client to listen to the song for an unlimited period of time. As with the payment methods, the client and the company may establish any terms suitable to both parties.

[0050] Subsequent to the establishment of the account, the server may generate a private key for the client, issue a certificate for the client, encrypt both of them with the session key, and store the private key and the client certificate in the client's token at step 42. The server may store the private key and the client certificate in the client's token in a variety of ways. For example, if the chosen token is an IKEY™ hardware token, the token is lightweight and portable, and may be easily included in the package obtained by the client at a retail store. Thus, subsequent to account establishment, the server may direct the client to insert the token into a port on the computer or other device used for the session. The port may connect to a serial bus such as the USB. Thus, with the token connected to a USB port of the device being used by the client, the server may store the private key and the client certificate directly into the token by sending the private key and the client certificate in encrypted form to the token over the network.

[0051] Alternatively, the server may store the private key and the client certificate into the token at the server location. The token may then be sent to the client using regular mail or delivery services.

[0052] Once a private key and client certificate have been stored in the client's token, the client may download a media player or other enabling player into the client computer or other device used by the client to utilize downloaded data at step 44. The client is then ready to purchase data over a network and listen to, watch, play, read or utilize in any way, as the case may be, the data downloaded from the server.

[0053] FIG. 4 shows a detailed method according to an embodiment of the present invention of verifying a client's identity with a certificate stored in a token; generating a message associated with data requested by the client and the token used by the client; and distributing the data and the associated message to the client in response to a request by the client to purchase data.

[0054] Once a client has decided to purchase or lease data over a network, whether such data be in the form of entertainment content or otherwise, and has logged on to a company web site, the client and the server may authenticate each other. The authentication between the client and the server may be accomplished in a variety of ways. A variety of protocols may be used for the authentication process. As before, for example, the SSL protocol may be used for authentication between the server and the client. The client may send the server a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the server. In turn, the server may send the client a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the client.

[0055] The server may send a client a server certificate so that the client may verify the identity of the server at step 50. Additionally, the server may request that the client send the client's certificate to the server so that the server may verify the identity of the client.

[0056] At step 52, the client sends the server the client certificate that was issued to the client when the client first established an account with the content distribution company. The client may also send the server a verification of the server identity with the server's certificate, thereby notifying the server that the client recognizes the identity of the server.

[0057] Also, the token used by the client during the transaction may be marked with a distinguishing number. The distinguishing number may be a permanent marking on the token to identify the token. The distinguishing number may be assigned by the token manufacturer at the time of token fabrication. Thus, the token distinguishing number may not be modified or removed from the token and serves to identify the token during its lifetime. At step 52, the client may also send the token distinguishing number to the server. If desired, the server may verify the token distinguishing number sent by the client during the current session with the token distinguishing number sent by the client when the account was established, thereby giving the server a heightened sense of security in identifying and verifying the client requesting the download.

[0058] Once the client sends the server the client certificate, server certificate verification and token distinguishing number, the server verifies the identity of the client with the client certificate at step 54. Once the client's identity has been verified, a symmetrical key may be generated by the server at step 56, thereby establishing a secure connection and allowing data to be transferred from server to client in a secure, encrypted manner. The symmetrical key may be generated randomly.

[0059] Once the symmetrical key has been generated, the server computes a digital message for the data requested by the client and the client token at step 58. The digital message is, thereafter, associated with the data requested by the client and the token used during the session and serves to permanently link the data requested by the client with the token used during the session. The digital message may take a variety of forms. For example, the digital message may be computed using a public key (asymmetric) cryptographic algorithm and may contain a variety of information, including, without limitation, an identification number of the data, the period of time for which the data may be used by the client, the distinguishing number of the token used during the session in which the data was requested or downloaded, and the symmetrical key used to encrypt the data when sent from the server to the client over a network. In notation form, the digital message according to an embodiment of the present invention may be in the form of:

$$D\big(DID + T + DN + E(S)_{pukc}\big)_{prkd}$$

[0060] where D is the asymmetric cryptography decryption process using a private key, E is the asymmetric cryptography encryption process using a public key, DID is the identification number of the data, T is the period of time for which the data may be used by the client, DN is the distinguishing number of the token used during the session in which the data was requested or downloaded, S is the symmetrical key used to encrypt the data when sent from the server to the client over a network, pukc is the public key of the client and prkd is the private key of the server.

[0061] Once the digital message has been computed, the server encrypts the data using the symmetrical key and sends it and the digital message to the client at step 60. The client then may use the data in a desired manner or store the data for use at a subsequent time.

[0062] FIG. 5A shows a method of using data that has been downloaded from a server according to an embodiment of the present invention. If, for example, the client has downloaded a song in digital form, the client may wish to listen to the song at some point. Thus, at step 64 the client may open the requisite media player and the file containing the song data and the digital message that was downloaded in digital form from the music distributor's server. At step 66, the media player resident in the client computer may ask the client for a token. Thus, the client would then interface his token to the computer or other device currently being used. If, for example, the client is using an IKEY™ hardware token, the token may be inserted directly into a USB port of the computer or other device being used by the client.

[0063] At step 68, the media player reads the distinguishing number (DN) of the token. Next, at step 70, the media player verifies the digital message that was sent with the downloaded data, the details of which are explained below, with the public key of the distributor's server. Once the digital message has been verified, the media player plays the downloaded data.

[0064] Details of the digital message verification of step 70 may be seen in FIG. 5B. According to an embodiment of the present invention, at step 72, the media player verifies the DN of the token with the DN that is part of the digital message. If the DN of the token matches the DN of the digital message, the media player then checks the time period associated with the data at step 74 to determine if the client is permitted to play the file according to the terms of the purchase agreement. If the client is within the allowable time period, the media player uses the private key from the token to decrypt the encrypted symmetrical key that was used to transfer data over the network between the server and the client at step 76. The media player may read the private key from the token. Alternatively, if the token is equipped with cryptographic processing capabilities, the media player may send the encrypted symmetrical key to the token so that it may be decrypted with the private key. Armed with the symmetrical key, the media player then decrypts the data that was downloaded at step 78.

[0065] If steps 72 through 78 are successful, i.e., if all compared values are equal and the encrypted symmetrical key and data can be properly decrypted, the media player may then play the file for the enjoyment of the client at step 80.

[0066] Thus, the methods and systems according to embodiments of the present invention may deter illegal copying or redistribution of data in a variety of ways. If the DN of the token does not match the DN of the data, which may occur if a token has been stolen or the data has been copied and sent to another client having another token, the media player will not play the file. In addition, if the time period for which the file may be played has expired, or if the time period for which the file may be played has not yet started, such as in the case where a file is downloaded at a particular time for use at a future time, the media player will not play the file.

[0067] If the data has been modified in any way, which may be the result of unscrupulous users attempting to circumvent the system by tampering with the data, the client generally will be aware of such modification because the data, in its modified form, will not be usable to the client. The client may then have the option of sending the digital message back to the server and asking the server to re-send the data to the client. The server can determine what data to send back to the client by using the DID in the digital message.

[0068] Furthermore, if downloaded data and the associated digital message are stolen from a client by an unscrupulous client having his own token, the file will still not play because only the private key from the original client's token can decrypt the encrypted symmetrical key when the symmetrical key is decrypted by the media player. In addition, the digital message cannot be forged by a third party since it was encrypted using the private key of the server.
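The verification of FIG. 5B and the failure cases of paragraphs [0066] through [0068], as an added example that is not part of the patent: a Go model in which the server signs the digital message with an Ed25519 key, wraps the symmetric key to the token's RSA public key with OAEP, and ships the data as AES-GCM ciphertext; the media player then runs steps 70 through 78 in order and fails closed at the first check that does not hold, so a mismatched DN, an expired or not-yet-started period, a stolen file used with another token, tampered data, and an altered message each fail at a different step. The message layout, the algorithms, and every function and field name are assumptions, since the patent specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

type DigitalMessage struct { // fields of claim 21; the JSON encoding is a constructed stand-in
	DID, DN             string // data identification number; distinguishing number of the purchasing token
	NotBefore, NotAfter int64  // permitted-use window, Unix seconds
	EncSymKey           []byte // symmetric key wrapped to the token's RSA public key
}
type Token struct { // hardware token with on-board crypto; Priv stands for a key that never leaves it
	DN   string
	Priv *rsa.PrivateKey
}
func NewToken(dn string) (*Token, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Token{DN: dn, Priv: k}, err
}
// IssueMessage is the server side: wrap the AES key to the token, then sign the whole message.
func IssueMessage(srv ed25519.PrivateKey, tokPub *rsa.PublicKey, dm DigitalMessage, key []byte) (msg, sig []byte, err error) {
	if dm.EncSymKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, tokPub, key, nil); err != nil { return }
	if msg, err = json.Marshal(dm); err != nil { return }
	return msg, ed25519.Sign(srv, msg), nil
}

// VerifyAndDecrypt is the media player side, steps 70 to 78 of FIG. 5B; every check fails closed.
// ct is nonce||AES-GCM ciphertext as shipped by the server; now is Unix seconds.
func VerifyAndDecrypt(srvPub ed25519.PublicKey, msg, sig, ct []byte, tok *Token, now int64) ([]byte, error) {
	if !ed25519.Verify(srvPub, msg, sig) { return nil, errors.New("step 70: message not signed by server") }
	var dm DigitalMessage
	if err := json.Unmarshal(msg, &dm); err != nil { return nil, err }
	if dm.DN != tok.DN { return nil, errors.New("step 72: token DN does not match message DN") }
	if now < dm.NotBefore || now > dm.NotAfter { return nil, errors.New("step 74: outside permitted period") }
	key, err := rsa.DecryptOAEP(sha256.New(), nil, tok.Priv, dm.EncSymKey, nil) // step 76, done inside the token
	if err != nil { return nil, errors.New("step 76: token cannot unwrap symmetric key") }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	if len(ct) < gcm.NonceSize() { return nil, errors.New("step 78: ciphertext too short") }
	pt, err := gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil) // tampering fails the GCM tag check
	if err != nil { return nil, errors.New("step 78: data tampered or wrong key") }
	return pt, nil
}
```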

[0069] According to further embodiments of the invention, if a client should lose the token or have the token stolen, the client may notify the server that the token has been lost or stolen. The server may then revoke the client's certificate. Thus, should a third party attempt to use the token after the server has revoked the client's certificate, the token, which stores the client's certificate, will be rejected by the server. Thus, after a certificate has been revoked, the token storing the certificate will be essentially useless, thereby adding yet another layer of protection afforded by the methods and systems according to embodiments of the present invention.

[0070] In addition, use of the token by a third party who has stolen or otherwise illegally obtained the token may be further prevented by utilizing a password protection system with the token. As explained previously, when a client establishes an account with a server, the client may be required to furnish to the server a password for the account. The client may also be required to enter a password for the token. If a token has been stolen by a third party, the third party will not have knowledge of the password, thereby making it difficult for the third party to use the stolen token to purchase data.

[0071] The methods of verifying a digital message and playing a downloaded file shown in FIGS. 5A and 5B are representative embodiments of the present invention. Other information may be included in the digital message, and other methods according to embodiments of the present invention may be used to verify the digital message and utilize downloaded data.

[0072] Systems implementing embodiments of the present invention need not be limited to the system shown in FIG. 1. For example, FIG. 6 shows an alternative system according to embodiments of the present invention. A client computer or other computing device 10 connects to a network 14. Connected to the client computer or other computing device 10 is a token 12. A firewall 18 connects to the network 14 as an added layer of protection for the server 16. In addition, a cryptographic processor 15 may be connected between the firewall 18 and the server 16. The cryptographic processor 15 may handle some or all of the cryptographic and other functions performed by embodiments of the invention. For example, the cryptographic processor 15 may function as a certificate authority. In addition, the cryptographic processor 15 may perform all of the functions necessary when establishing a secure connection between a server and a client, may generate digital messages and may encrypt data.

[0073] The server 16 may also be supplemented by a database 17. The database 17 may store account numbers, passwords, and any other of a variety of information required by a distributor to implement the particular embodiment of the present invention.

[0074] FIG. 7 shows an alternative system according to embodiments of the present invention. A client computer or other computing device 10 connects to a network 14. Connected to the client computer or other computing device 10 is a token 12. Also connected to the network is a third party certificate authority 13. The third party certificate authority 13 may provide a variety of functions, including, without limitation, verifying clients, issuing client certificates, preliminarily establishing client accounts, and the like. The performance of such functions by the third party certificate authority may relieve the distributor's server of these functions, thereby allowing the server to focus its activities on fulfilling download requests made by clients.

[0075] The computer or other computing device 10 may be implemented in a variety of ways. For example, the computer or other computing device 10 may be a portable device such as a PALM™ handheld or other portable device. The portable device or other handheld may have a wireless connection to a network. For example, embodiments of the present invention may be implemented on a handheld device with a wireless connection to the Internet. Clients who are interested in, for example, downloading music from the Internet could interface their tokens to the handheld device and download music to the handheld device. If the handheld device is equipped with audio processing hardware, cryptographic capabilities, and an interface for the token, a media player on the handheld device could play the downloaded music file, thereby allowing the client to listen to music virtually anywhere.

[0076] Moreover, downloaded data is not limited to entertainment content. A variety of data may be downloaded according to embodiments of the present invention, including, without limitation, software, consumer information, account information, or other data.

[0077] While particular embodiments of the present invention have been shown and described, it will be obvious to those skilled in the art that the invention is not limited to the particular embodiments shown and described and that changes and modifications may be made without departing from the spirit and scope of the appended claims.

What is claimed is:
1. A method for distributing data over a network comprising: issuing a certificate and a private key to a client for identifying the client in a transaction; storing the certificate and the private key in a token used by the client during a transaction; verifying a digital signature using the certificate stored in the token before distributing data to the client; generating a message associated with the data being downloaded to the client and associated with the token used by the client during a transaction; and distributing the data and the associated message to the client.
2. The method of claim 1, further comprising providing the client with information necessary for establishing an account.
3. The method of claim 2, further comprising providing the client with the token.
4. A method for distributing data over a network comprising: establishing a secure connection between a client and a server; issuing a certificate and a private key to the client for identifying the client in a transaction; and storing the certificate and the private key in a token used by the client during a transaction.
5. The method of claim 4, further comprising distributing data to the client.
6. The method of claim 5, further comprising requesting information from the client for establishing an account.
7. The method of claim 4, wherein establishing a secure connection comprises establishing a secure connection using a security protocol.
8. The method of claim 7, wherein the security protocol is the secure socket layer protocol.
9. The method of claim 6, wherein requesting information comprises requesting a credit card number.
10. The method of claim 6, wherein requesting information comprises requesting a password.
11. The method of claim 4, wherein storing the certificate comprises: interfacing the token to a client computer; and writing the certificate and the private key to the token across the network.
12. The method of claim 4, wherein storing the certificate comprises: interfacing the token to a server computer; and writing the certificate to the token at the server computer.
13. The method of claim 5, wherein distributing data to the client comprises distributing a media player.
14. A method for distributing data over a network comprising: establishing a secure connection between a client and a server; receiving a request from the client for data to be downloaded; generating a message associated with the data being downloaded to the client and associated with a token used by the client; and distributing the data and the associated message to the client.
15. The method of claim 14, wherein establishing a secure connection comprises establishing a secure connection using a security protocol.
16. The method of claim 15, wherein the security protocol is the secure socket layer protocol.
17. The method of claim 14, wherein establishing a secure connection comprises requesting authentication information from the client; and sending authentication information from the server.
18. The method of claim 17, wherein requesting authentication information from the client comprises requesting a certificate from the client; and requesting a digital signature from the client.
19. The method of claim 17, wherein sending authentication information from the server comprises sending a certificate from the server; and sending a digital signature from the server.
20. The method of claim 18, wherein requesting a certificate comprises reading the certificate from the token used by the client.
21. The method of claim 14, wherein generating a message further comprises: including in the message a data identification number; including in the message a period of time for which the data may be used by the client; including in the message a distinguishing number of the token used by the client when requesting data; including in the message a symmetrical key used to encrypt the data when distributing data from the server to the client over the network.
22. The method of claim 14, wherein generating a message further comprises generating a message using a public key (asymmetric) cryptographic algorithm.
23. A method of securely utilizing downloaded data comprising: opening a media player; opening a data file; requesting a token from a client; reading a distinguishing number from the token; verifying a digital message associated with the data file and the token using the media player, the distinguishing number, and a private key in the token.
24. The method of claim 23, wherein in verifying a digital message, the media player reads the private key from the token to decrypt the digital message.
25. The method of claim 23, wherein in verifying a digital message, the media player sends the digital message to the token.
26. The method of claim 25, wherein the token decrypts an encrypted symmetric key using the private key.
27. The method of claim 22, wherein verifying a digital message comprises verifying the distinguishing number read from the token; verifying a time period associated with the data file; decrypting an encrypted symmetrical key using the private key from the token; decrypting the data file using the symmetrical key.
28. A system for distributing data over a network comprising: a client computer for requesting data over a network, the client computer being interfaced to the network; a server computer for distributing requested data over a network, the server computer being interfaced to the network; and a token interfaced to the client computer, wherein the server computer stores a certificate and a private key in the token.
29. The system of claim 28, wherein the server computer verifies an identity of the client with the certificate in the token before distributing data to the client.
30. The system of claim 28, further comprising a firewall interfaced to the network; and a cryptographic processor interfaced to the server computer and the firewall.
31. A system for distributing data over a network comprising: a client computer for requesting data over a network, the client computer interfaced to the network; a server computer for distributing requested data over a network, the server computer interfaced to the network; a token interfaced to the client computer; and a third party computer system interfaced to the network, wherein the third party computer system issues a certificate and stores the certificate in the token.
32. The method of claim 31, wherein the third party computer system issues a private key and stores the private key in the token.